EOS Gambling Platforms have fallen prey to hackers who have gotten away with 44,427.4302 EOS.
Several days ago, smart contracts on two EOS gambling platforms were hacked, resulting in the loss of more than a quarter of a million dollars.
First Hack: DEOSGames – $24,000
The first hack occurred on September 9th, when a DEOSGames user named ‘runningsnail’ appeared to be on a winning streak, repeatedly receiving $1,000 payments after depositing 10 EOS and winning the jackpot only seconds later. In a tweet on September 10th, DEOSGames confirmed the hack of its smart contract:
“We are back up and running with EOS game for last 6+ hours. Yesterday, we got a malicious contract exploit our contract. It is a good stress test and we got significant improvements on contract level. Keep doing what we do, remember we are still in beta!”.
Second Hack: EOSBet – $236,000
On September 15th, /u/EOSBetCasino published a statement on Reddit describing the nature and scale of the smart contract hack, which had resulted in a significant loss of funds. The statement included an overview of the attack and the affected code.
The team explained that “the faulty ABI forwarder was the first ABI forwarder circulating around the community and early developers. Multiple other games and smart contracts have been burned by this exact forwarding code, which allows an attacker to bypass the eosio.token check, and directly call transfer on the contract”.
So, after exploiting the flaw in the code, the hackers did not have to pay when they lost, while real funds were paid out when they won. Given that these funds couldn’t be withdrawn, the hackers benefited from a consequence-free gambling process, gaining free money.
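The forwarding flaw described above, as an added example (a simplified C++ model written for this article, not EOSBet's contract code). It assumes the faulty forwarder dispatched any action addressed either to the contract itself or to eosio.token; the account name "casino" and all function names are hypothetical.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Simplified stand-in for the arguments of an EOS contract's apply() entry
// point; plain strings replace the chain's 64-bit encoded account names.
struct Call {
    std::string receiver;  // account whose contract code is running
    std::string code;      // account the action was actually sent to
    std::string action;    // action name
};

// Assumed shape of the faulty forwarder: "transfer" is dispatched whether it
// is a notification from eosio.token or a direct call on the contract itself.
bool faulty_accepts_bet(const Call& c) {
    bool routed = (c.code == c.receiver || c.code == "eosio.token");
    return routed && c.action == "transfer";
}

// Hardened forwarder: the bet handler runs only when the transfer is a
// notification from eosio.token, so tokens must really have moved.
bool checked_accepts_bet(const Call& c) {
    return c.action == "transfer" && c.code == "eosio.token";
}

// Count how many calls a forwarder would credit as paid bets.
int credited(bool (*forwarder)(const Call&), const std::vector<Call>& calls) {
    int n = 0;
    for (const Call& c : calls) n += forwarder(c) ? 1 : 0;
    return n;
}

// Constructed sample: one real token notification, one direct call.
std::vector<Call> sample_calls() {
    return {
        {"casino", "eosio.token", "transfer"},  // real payment notification
        {"casino", "casino", "transfer"},       // direct call, no tokens moved
    };
}

int main() {
    std::cout << "faulty credits:  " << credited(faulty_accepts_bet, sample_calls()) << "\n";
    std::cout << "checked credits: " << credited(checked_accepts_bet, sample_calls()) << "\n";
}
```

The faulty forwarder credits both calls as bets, while the checked one credits only the notification that came from eosio.token.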
Was There a Third Hack?
On September 14th, The Next Web referred to a lucky gambler who appeared to have claimed over $600,000 from EOSBet within a 36-hour period earlier that week, after consecutively doubling their money by winning on dice rolls. Shortly after, EOSBet refuted the alleged code exploit, saying that “the user was simply lucky”. However, this ‘incident’ is currently under investigation.
EOSBet Next Steps
Concluding their address to the EOS Community, the EOSBet team announced that they are planning to strengthen their security practices so that a similar event does not occur in the future.